4:04 p.m.
Hi,
I'm working on a simple security service for enterprise application, and one of the
requirements is to be able to determine list of application roles (composites, if I get
the vocabulary right) for each user that has successfully signed in. User credentials are
naturally acquired from session token.
According to the REST API docs, you can acquire list of application roles for a given
realm role with the following request:
/admin/realms/{realm}/roles/{realm_role}/composites
It turns out however that in order to be successfully executed, this request requires the
user to have "manage-realm" effective role assigned. This will naturally be the
case only for admin users.
So I'd much appreciate if you could tell whether there is a way (using REST API or
User/RoleRepresentation objects) to get list of application roles for a given realm role
without the need of having "manage-realm" role assigned.
Thank you in advance for your help.
Best Regards,
Maciej Szewczykowski
Java Developer
________________________________
T +44 01628 539 800
E firstname.lastname(a)pjmedia.co.uk
PJ Media Limited,
Plac Wolności 21, 05-825
Grodzisk Mazowiecki, Warsaw, Poland
[Brandpath]<http://www.brandpath.com/>
PJ MEDIA LIMITED | Registered in England and Wales no. 04946760 | Registered Office:
Network House, Third Avenue, Globe Park, Marlow, Buckinghamshire, SL7 1EY, United Kingdom
| Web site: http://www.pjmedia.co.uk
The contents of this message and any attachments to it are confidential and may be legally
privileged. If you have received this message in error you should delete it from your
system immediately and advise the sender. To any recipient of this message within PJ
Media, unless otherwise stated, you should consider this message and attachments as PJ
Media confidential.
PJ MEDIA LIMITED,
Registered in England no. 04946760
Address: Network House, Third Avenue, Globe Park, Marlow, SL7 1EY, United Kingdom
8:39 a.m.
It seems that you can instead use this endpoint for role-by-id:
http://keycloak.github.io/docs/rest-api/admin/realms/%7Brealm%7D/roles-by...
. This one should require just "view-realm" permissions.
Marek
On 20.5.2015 16:04, Maciej Szewczykowski wrote:
Hi,
I’m working on a simple security service for enterprise application,
and one of the requirements is to be able to determine list of
application roles (composites, if I get the vocabulary right) for each
user that has successfully signed in. User credentials are naturally
acquired from session token.
According to the REST API docs, you can acquire list of application
roles for a given realm role with the following request:
/admin/realms/{realm}/roles/{realm_role}/composites
It turns out however that in order to be successfully executed, this
request requires the user to have „manage-realm” effective role
assigned. This will naturally be the case only for admin users.
So I’d much appreciate if you could tell whether there is a way (using
REST API or User/RoleRepresentation objects) to get list of
application roles for a given realm role without the need of having
„manage-realm” role assigned.
Thank you in advance for your help.
Best Regards,
*Maciej Szewczykowski *
Java Developer
------------------------------------------------------------------------
T +44 01628 539 800
E firstname.lastname(a)pjmedia.co.uk
*PJ Media Limited,***
Plac Wolności 21, 05-825
Grodzisk Mazowiecki, Warsaw, Poland
Brandpath <http://www.brandpath.com/>
PJ MEDIA LIMITED | Registered in England and Wales no. 04946760 |
Registered Office: Network House, Third Avenue, Globe Park, Marlow,
Buckinghamshire, SL7 1EY, United Kingdom | Web site:
http://www.pjmedia.co.uk
The contents of this message and any attachments to it are
confidential and may be legally privileged. If you have received this
message in error you should delete it from your system immediately and
advise the sender. To any recipient of this message within PJ Media,
unless otherwise stated, you should consider this message and
attachments as PJ Media confidential.
PJ MEDIA LIMITED,
Registered in England no. 04946760
Address: Network House, Third Avenue, Globe Park, Marlow, SL7 1EY,
United Kingdom
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3272
days inactive
3273
days old
1 comments
2 participants
participants (2)
-
Maciej Szewczykowski -
Marek Posolda